GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Tue Nov 03, 2020 3:26 am Post subject: [ GLSA 202011-03 ] KPMCore
Gentoo Linux Security Advisory
Title: KPMCore: Root privilege escalation (GLSA 202011-03)
Severity: normal
Exploitable: local
Date: 2020-11-03
Bug(s): #749822
ID: 202011-03
Synopsis
A vulnerability in kpmcore could result in privilege escalation.
Background
KPMcore, the KDE Partition Manager core, is a library for examining and
modifying partitions, disk devices, and filesystems on a Linux system. It
provides a unified programming interface over top of (external)
system-manipulation tools.
Affected Packages
Package: sys-libs/kpmcore
Vulnerable: < 4.2.0
Unaffected: >= 4.2.0
Architectures: All supported architectures
Description
Improper checks on the D-Bus request received resulted in improper
protection for /etc/fstab.
Impact
An attacker could escalate privileges to root by exploiting this
vulnerability.
Workaround
There is no known workaround at this time.
Resolution
All KPMCore users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/kpmcore-4.2.0"
References
CVE-2020-27187
Upstream advisory